Microsoft Monthly Security Update (September 2024)

Last Update Date: 16 Sep 2024 Release Date: 11 Sep 2024 4569 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
SQL ServerMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Elevation of Privilege		 
Microsoft OfficeExtremely High Risk Extremely High RiskRemote Code Execution
Elevation of Privilege
Information Disclosure
Security Restriction Bypass
Denial of Service		CVE-2024-38226 is being exploited in the wild. An attacker who successfully exploits this vulnerability could bypass Office macro policies used to block untrusted or malicious files.
AzureMedium Risk Medium RiskElevation of Privilege
Remote Code Execution		 
WindowsHigh Risk Extremely High RiskDenial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Restriction Bypass
Spoofing

CVE-2024-38014 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38217 is being exploited in the wild.  This vulnerability can be exploited to bypass the Mark of the Web (MOTW) defenses.

CVE-2024-43461 is being exploited in the wild.  

Extended Security Updates (ESU)High Risk Extremely High RiskDenial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Restriction Bypass
Spoofing

Exploitation of CVE-2024-43491 is being detected. An attacker who successfully exploited this vulnerability can initiate pre-auth remote code execution.

 

Microsoft states that there is no evidence of direct exploitation of CVE-2024-43491, it has observed that rollbacks of CVEs related to Optional Components for Windows 10 (version 1507), which prompted Microsoft to apply the exploitability index assessment for this vulnerability as “Exploitation Detected.”

Microsoft DynamicsMedium Risk Medium RiskElevation of Privilege
Spoofing
Remote Code Execution		 

 

Number of 'Extremely High Risk' product(s): 3

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 3

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk

 

 

[Updated on 2024-09-16]

Updated Description.

Impact

  • Information Disclosure
  • Elevation of Privilege
  • Security Restriction Bypass
  • Spoofing
  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • SQL Server
  • Microsoft Office
  • Azure
  • Windows
  • Extended Security Updates (ESU)
  • Microsoft Dynamics

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftExploit In The WildInformation DisclosureElevation of PrivilegeSecurity Restriction BypassSpoofingDenial of ServiceRemote Code Execution

Share with

Previous

NetApp Products Multiple Vulnerabilities

16 Sep 2024 3625 Views

Next

Zoom Products Information Disclosure Vulnerability

16 Sep 2024 3756 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY